Policy Exceptions

Professional

Exceptions allow users to bypass specific policies when there's a legitimate business need. This guide covers how to create, manage, and audit exceptions.

When to Use Exceptions

Exceptions are appropriate when:

  • A user needs to discuss sensitive data for a legitimate business reason
  • Test data triggers policies (e.g., test credit card numbers)
  • The security team needs unrestricted access for an investigation
  • A temporary project requires different rules

Exceptions are not appropriate for:

  • Avoiding policies you disagree with
  • Permanent workarounds (adjust the policy instead)
  • Bypassing compliance requirements

Exception Types

User Exceptions

Grant an individual user the ability to bypass a policy.

Example: A security analyst investigating a breach needs to share sample data with AI for analysis.

Team Exceptions

Allow all members of a team to bypass a policy.

Example: The security team needs unrestricted access during incident response.

Policy Exceptions

Create an allowlist for specific content patterns.

Example: Test credit card numbers should never trigger alerts.

Temporary Exceptions

Time-limited exceptions that automatically expire.

Example: A contractor needs access for a 2-week project.

Creating Exceptions

From an Alert

  1. Open the alert that was incorrectly triggered
  2. Click Grant Exception
  3. Configure:
    • Type: User, Pattern, or Both
    • Duration: Permanent or time-limited
    • Scope: This policy or all policies
  4. Add justification (required)
  5. Click Create Exception

From Policy Settings

  1. Open the policy configuration
  2. Click Exceptions tab
  3. Click Add Exception
  4. Configure the exception details
  5. Save

From Exception Management

  1. Go to Settings > Exceptions
  2. Click Create Exception
  3. Select policy
  4. Configure details
  5. Save

Exception Configuration

User-Based Exception

Type: User
User: analyst@company.com
Policy: SSN Detection
Duration: 30 days
Justification: "Authorized for breach investigation - Ticket #5678"
Approved By: admin@company.com

Pattern-Based Exception

Type: Pattern
Pattern: "4111111111111111"
Policy: Credit Card Detection
Duration: Permanent
Justification: "Test credit card number for development"
Approved By: admin@company.com

Team Exception

Type: Team
Team: Security Operations
Policy: All Credential Policies
Duration: Permanent
Justification: "SOC requires unrestricted AI access for investigations"
Approved By: ciso@company.com

Exception Fields

Field             Description                          Required
Type              User, Team, or Pattern               Yes
Subject           Who/what the exception applies to    Yes
Policy            Which policy to bypass               Yes
Duration          How long the exception lasts         Yes
Justification     Business reason                      Yes
Ticket Reference  Related ticket/request               Recommended
Approved By       Who approved                         Auto-filled
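The three configuration examples above describe what an exception records, but not how one is matched against an alert at evaluation time. The following Python is an added illustration, not the product's own code: it models the fields from the Exception Fields table, checks scope (user, team membership, or literal pattern), policy coverage, approval status and expiry, and explains why an alert was not suppressed in the same order as the Troubleshooting checklist later on this page. The ALL_POLICIES marker, the class and function names, and the sample alerts are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

# Added illustration, not the product's code. Field names follow the page's
# "Exception Fields" table; the matching rules and ALL_POLICIES marker are
# assumptions made for this example.
ALL_POLICIES = "*"   # stands in for Scope: "all policies"


@dataclass
class PolicyException:
    exc_type: str                 # "User", "Team" or "Pattern"
    subject: str                  # user email, team name or literal text
    policy: str                   # policy name, or ALL_POLICIES
    status: str                   # "Pending", "Active" or "Revoked"
    created: datetime
    duration_days: Optional[int]  # None means Permanent
    justification: str
    approved_by: str = ""

    def expires_at(self) -> Optional[datetime]:
        if self.duration_days is None:
            return None
        return self.created + timedelta(days=self.duration_days)

    def is_expired(self, now: datetime) -> bool:
        exp = self.expires_at()
        return exp is not None and now >= exp


@dataclass
class Alert:
    user: str
    teams: Tuple[str, ...]        # teams the user belongs to
    policy: str
    matched_text: str             # the content that triggered the policy
    fired_at: datetime


def covers(exc: PolicyException, alert: Alert) -> bool:
    """Scope check: do the exception's subject and policy apply to this alert?"""
    if exc.policy not in (ALL_POLICIES, alert.policy):
        return False
    if exc.exc_type == "User":
        return exc.subject.lower() == alert.user.lower()
    if exc.exc_type == "Team":
        return exc.subject in alert.teams
    if exc.exc_type == "Pattern":
        return exc.subject in alert.matched_text
    return False


def evaluate(alert: Alert, exceptions) -> Tuple[bool, str]:
    """Return (suppressed, reason). When no exception applies, the reason says
    why each candidate failed: out of scope, not active (pending/revoked), or expired."""
    failures = []
    for exc in exceptions:
        label = f"{exc.exc_type}:{exc.subject}"
        if not covers(exc, alert):
            failures.append(f"{label} out of scope")
        elif exc.status != "Active":
            failures.append(f"{label} is {exc.status.lower()}")
        elif exc.is_expired(alert.fired_at):
            failures.append(f"{label} expired {exc.expires_at():%Y-%m-%d}")
        else:
            return True, f"suppressed by {label} ({exc.justification})"
    return False, "; ".join(failures) or "no exceptions configured"


T0 = datetime(2024, 3, 1, tzinfo=timezone.utc)   # constructed creation time

# Constructed from the three configuration examples on the page; the team
# exception is left Pending to show how an unapproved exception behaves.
EXCEPTIONS = [
    PolicyException("User", "analyst@company.com", "SSN Detection", "Active", T0, 30,
                    "Authorized for breach investigation - Ticket #5678", "admin@company.com"),
    PolicyException("Pattern", "4111111111111111", "Credit Card Detection", "Active", T0, None,
                    "Test credit card number for development", "admin@company.com"),
    PolicyException("Team", "Security Operations", ALL_POLICIES, "Pending", T0, None,
                    "SOC requires unrestricted AI access for investigations"),
]


def demo():
    """Run constructed alerts through the evaluator; returns {name: (suppressed, reason)}."""
    d = timedelta
    alerts = {
        "analyst_day10": Alert("analyst@company.com", ("Incident Response",), "SSN Detection",
                               "SSN 123-45-6789", T0 + d(days=10)),
        "analyst_day31": Alert("analyst@company.com", ("Incident Response",), "SSN Detection",
                               "SSN 123-45-6789", T0 + d(days=31)),
        "test_card": Alert("dev@company.com", ("Engineering",), "Credit Card Detection",
                           "card 4111111111111111 exp 12/29", T0 + d(days=400)),
        "other_card": Alert("dev@company.com", ("Engineering",), "Credit Card Detection",
                            "card 4000111122223333", T0 + d(days=400)),
        "soc_pending": Alert("soc1@company.com", ("Security Operations",), "Credential Detection",
                             "token=CONSTRUCTED_SAMPLE", T0 + d(days=1)),
    }
    return {name: evaluate(a, EXCEPTIONS) for name, a in alerts.items()}


if __name__ == "__main__":
    for name, (suppressed, reason) in demo().items():
        print(f"{name:14} {'SUPPRESS' if suppressed else 'ALERT'}: {reason}")
```

Two details are worth noting in the design. The expiry check uses the alert's own timestamp rather than the wall clock, so the same evaluator can be replayed over historical alerts during an audit. And a non-suppressed result carries every candidate's failure reason, which is what an analyst needs when an exception "is not working": the output states directly whether it was out of scope, still pending, revoked, or expired.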

Managing Exceptions

Viewing Exceptions

Go to Settings > Exceptions to see:

  • All active exceptions
  • Expired exceptions
  • Pending approvals

Filtering Exceptions

Filter by:

  • Status (Active, Expired, Pending)
  • Type (User, Team, Pattern)
  • Policy
  • Created date
  • Expiration date

Modifying Exceptions

  1. Find the exception in the list
  2. Click to open details
  3. Click Edit
  4. Make changes
  5. Add note explaining the change
  6. Save

Revoking Exceptions

  1. Find the exception
  2. Click Revoke
  3. Add reason for revocation
  4. Confirm

Revocation takes effect immediately.

Approval Workflow

Enterprise

Configuring Approval

  1. Go to Settings > Permissions
  2. Configure Exception Approval:
    • Who can create exceptions
    • Who can approve exceptions
    • Approval requirements by policy severity

Approval Flow

  1. User requests exception
  2. Request goes to approver queue
  3. Approver reviews and approves/denies
  4. User notified of decision
  5. If approved, exception activates

Multi-Level Approval

For high-risk policies, require multiple approvers:

  • First approval from team lead
  • Second approval from security admin

Exception Audit

All exceptions are logged for compliance.

Audit Trail

Each exception records:

  • When it was created
  • Who created it
  • Who approved it
  • All modifications
  • When it expired or was revoked

Exception Reports

Generate reports showing:

  • Active exceptions by policy
  • Exception request volume
  • Approval rates
  • Average duration

Compliance Review

Regularly review exceptions:

  1. Monthly review of all active exceptions
  2. Quarterly justification verification
  3. Annual exception policy review
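The Exception Reports and Compliance Review sections list what a review should produce (active exceptions by policy, request volume, approval rate, average duration, and a periodic check of justifications) without showing how those figures follow from the audit trail. The Python below is an added example, not the product's report feature: it derives each exception's lifecycle state from the audit fields named on this page, computes the four report metrics, and flags active exceptions that go against the Best Practices that follow (permanent duration, all-policies scope, no ticket reference). The record layout, the "*" marker for "all policies", the ticket-reference regex and the sample records are constructed assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Added illustration, not the product's report feature. Each record carries the
# audit-trail fields named on the page; the dict shape, the "*" marker for
# "all policies" and the ticket-reference regex are assumptions.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
TICKET_RE = re.compile(r"(#\d+|[A-Z]{2,}-\d+)")   # e.g. "#5678" or "CHG-42"


def _d(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)


# Constructed audit records: approved=None means still pending, False means denied.
AUDIT = [
    {"id": "EXC-1", "type": "User", "policy": "SSN Detection", "created": _d(2024, 5, 10),
     "approved": True, "expires": _d(2024, 6, 9), "revoked": None,
     "justification": "Breach investigation - Ticket #5678"},
    {"id": "EXC-2", "type": "Pattern", "policy": "Credit Card Detection", "created": _d(2024, 1, 15),
     "approved": True, "expires": None, "revoked": None,
     "justification": "Test credit card number for development"},
    {"id": "EXC-3", "type": "Team", "policy": "*", "created": _d(2024, 2, 1),
     "approved": True, "expires": None, "revoked": _d(2024, 4, 1),
     "justification": "SOC incident response - INC-310"},
    {"id": "EXC-4", "type": "User", "policy": "SSN Detection", "created": _d(2024, 5, 20),
     "approved": None, "expires": _d(2024, 6, 19), "revoked": None,
     "justification": "Pending review - Ticket #5702"},
    {"id": "EXC-5", "type": "User", "policy": "Credit Card Detection", "created": _d(2024, 5, 25),
     "approved": False, "expires": None, "revoked": None,
     "justification": "Would rather not see these alerts"},
    {"id": "EXC-6", "type": "User", "policy": "Credit Card Detection", "created": _d(2024, 3, 1),
     "approved": True, "expires": _d(2024, 3, 15), "revoked": None,
     "justification": "Contractor 2-week project - CHG-42"},
]


def status(rec, now=NOW):
    """Derive the lifecycle state from the audit fields."""
    if rec["approved"] is None:
        return "Pending"
    if rec["approved"] is False:
        return "Denied"
    if rec["revoked"] and rec["revoked"] <= now:
        return "Revoked"
    if rec["expires"] and rec["expires"] <= now:
        return "Expired"
    return "Active"


def active_by_policy(records, now=NOW):
    return dict(Counter(r["policy"] for r in records if status(r, now) == "Active"))


def request_volume_by_month(records):
    return dict(sorted(Counter(r["created"].strftime("%Y-%m") for r in records).items()))


def approval_rate(records):
    """Share of decided requests that were approved (pending ones excluded)."""
    decided = [r for r in records if r["approved"] is not None]
    return sum(1 for r in decided if r["approved"]) / len(decided) if decided else 0.0


def average_duration_days(records):
    """Mean configured duration of time-limited exceptions (permanent ones excluded)."""
    spans = [(r["expires"] - r["created"]).days for r in records if r["expires"]]
    return sum(spans) / len(spans) if spans else 0.0


def review_findings(records, now=NOW):
    """Monthly-review checks on active exceptions: prefer time-limited over
    permanent, a single policy over all policies, and a ticket reference."""
    findings = []
    for r in records:
        if status(r, now) != "Active":
            continue
        if r["expires"] is None:
            findings.append((r["id"], "permanent exception; set an end date or justify renewal"))
        if r["policy"] == "*":
            findings.append((r["id"], "scoped to all policies; narrow to a single policy"))
        if not TICKET_RE.search(r["justification"]):
            findings.append((r["id"], "no ticket reference in justification"))
    return findings


if __name__ == "__main__":
    print("Active by policy:", active_by_policy(AUDIT))
    print("Requests per month:", request_volume_by_month(AUDIT))
    print(f"Approval rate: {approval_rate(AUDIT):.0%}")
    print(f"Average duration: {average_duration_days(AUDIT):.1f} days")
    for exc_id, note in review_findings(AUDIT):
        print(f"  {exc_id}: {note}")
```

On the constructed records only the permanent test-card allowlist (EXC-2) is flagged, on two counts: it never expires and its justification cites no ticket. That is the kind of item the monthly review exists to surface, since a permanent pattern exception is precisely the "permanent workaround" the page says should be handled by adjusting the policy instead.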

Best Practices

Justification

  • Be specific about the business need
  • Reference related tickets
  • Include expected end date

Duration

  • Prefer time-limited exceptions
  • Set realistic durations
  • Review before renewal

Scope

  • Keep scope as narrow as possible
  • Single policy over "all policies"
  • Single user over team when possible

Documentation

  • Maintain exception request records
  • Document approval reasoning
  • Track exception usage

Troubleshooting

Exception Not Working

  1. Verify the exception is active (not pending)
  2. Check that the scope matches the situation
  3. Confirm the user is covered
  4. Confirm the policy hasn't changed

Expired Unexpectedly

  1. Check the configured duration
  2. Look for a revocation in the history
  3. Verify there are no conflicting policy changes

Can't Create Exception

  1. Check your permissions
  2. Verify you have exception creation rights
  3. Contact an admin if needed